Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sparkplug Node identity belongs in the Auth service #178

Open
amrc-benmorrow opened this issue Aug 24, 2023 · 0 comments
Open

Sparkplug Node identity belongs in the Auth service #178

amrc-benmorrow opened this issue Aug 24, 2023 · 0 comments

Comments

@amrc-benmorrow
Copy link
Contributor

After quite a bit of thought about situations (e.g. cmdesc) where we are trying to authenticate data received over MQTT, I have decided:

  • A Sparkplug Node is a security principal.
  • The Sparkplug address of the Node is another identity mapping to the principal UUID, alongside the Kerberos UPN.
  • Sparkplug addresses of Nodes should live in the Auth service.

There is a partial implementation of this already in the JS client library, which looks up addresses from the ConfigDB. It needs replacing with an API on this service.
@amrc-benmorrow amrc-benmorrow transferred this issue from AMRC-FactoryPlus/acs-auth Apr 2, 2024
@amrc-benmorrow amrc-benmorrow changed the title Sparkplug Node identity belongs in this service Sparkplug Node identity belongs in the Auth service Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@amrc-benmorrow